#TalkTalk: No White Flags, But Now Dido Needs to Act

Written by

Karl Marx was never short of a quote, and one of his most repeated being that history repeats itself first as tragedy, then as farce. As the TalkTalk incident lurches from the initial breach—the history is that this is the third time this year that it has been hit — to a demand for ransom from unknown parties to now the arrest of a 15-year boy in Northern Ireland, have we now reached Marx’s second phase? Can it really be that all it took to take-down a top telco was a techie teen?

As is usually the case, when a crisis emerges, so does the phrase ‘the first rule of being in a hole is to stop digging.’  As it reels from the blows following the huge breach it suffered on 22 October, TalkTalk could certainly be advised to leave the excavation stage.

It’s only natural that the company  would want to reassure its customers  and shareholders — the latter understandably and predictably  spooked by the company's stock price falling (12% on 26 October alone) after the event — that it was doing its level best to examine how the  breach happened and what it was doing to fix the matter ; in particular, as the breach pertained to the loss of customers’ credit card and banking details.

What may not have been the best idea, though, was to attempt to mitigate the reputational  damage by releasing a statement claiming that the breach wasn’t as bad as was being reported , just about the same time as customers were quieting up to give interviews on TV news stations of losses they had suffered already. In one case, a pensioner in the Kent area, claimed to have had up to £9,000 siphoned from her account since the breach occurred.

This may not also have been the best time for CEO Dido Harding to take to the media to claim that TalkTalk’s security apparatus was ‘head and shoulders’ above other, presumably rival, firms’. The Kent pensioner would not be alone if she was of the mind that if a multi-billion pound company such as TalkTalk could get hit, and not just by a 15-year-old boy as well, just what state of preparedness for today’s rapidly changing security threats these other firms were in.

In fairness to the beleaguered chief executive, Harding could not be accused of hiding from the incident and has certainly fronted up to it. (If not quite "manned-up" as in the words of one analyst.) But even if the crisis management strategy does indeed require a mixture of word and deed, it is the latter surely that worried customers want to hear most about. For example it is believed that TalkTalk has now employed the services of BAe Systems to rectify the damage. The speculation as to just how comforting this may be worried customers who could see it as a case of firmly locking the stable door once the cybercrime horse had bolted into the ether pulling their financial details on a wagon.

Let’s be blunt: Harding’s task will be big. In addition to a shareholder exodus, there are already reports of concerned customers being brusquely told that they would be charged up to £250 to leave the service. There’s also the matter of the UK’s Information Commissioner handing down a fine. This may amount to a £500,000 slap on the wrist, but it will only add to the reputational damage of a company out of control. Customers and shareholders could well deliver a more damning judgment.

Who knows what the latest news will bring, but there is indeed the real risk of the whole thing being seen as a farce, with one of the UK’s leading communications  companies with millions of paying customers regarded as an object of ridicule. TalkTalk has got to now do more than what its name says: it needs to act, and decisively at that. Otherwise the whole of its corporate body will disappear into the growing hole. Head and shoulders first.

What’s hot on Infosecurity Magazine?